CVE-2021-22538

🗓️ 31 Mar 2021 21:16:15Reported by GoogleType

Privilege escalation vuln in Google Exposure Notification Verification Server (ver < 0.23.1) allows user to create another user with higher privileges

Reporter	Title	Published	Views	Family All 7
NVD	CVE-2021-22538	31 Mar 202121:15	–	nvd
OSV	GO-2022-0798 Privilege escalation in rbac in github.com/google/exposure-notifications-verification-server	21 Aug 202415:29	–	osv
OSV	Privilege escalation in rbac	21 May 202114:32	–	osv
OSV	CVE-2021-22538	31 Mar 202121:15	–	osv
Cvelist	CVE-2021-22538 Privilege escalation in RBAC system	31 Mar 202121:10	–	cvelist
Github Security Blog	Privilege escalation in rbac	21 May 202114:32	–	github
Prion	Privilege escalation	31 Mar 202121:15	–	prion

Nvd

Vulners

Node

google exposure_notifications_verification_serverRange<0.23.1

[
  {
    "platforms": [
      "all"
    ],
    "product": "Exposure Notifications Verification Server",
    "vendor": "Google LLC",
    "versions": [
      {
        "lessThanOrEqual": "0.23.0",
        "status": "affected",
        "version": "stable",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/google/exposure-notifications-verification-server/releases/tag/v0.24.0
github	www.github.com/google/exposure-notifications-verification-server/security/advisories/GHSA-5v95-v8c8-3rh6
github	www.github.com/google/exposure-notifications-verification-server/commit/eb8cf40b12dbe79304f1133c06fb73419383cd95
github	www.github.com/google/exposure-notifications-verification-server/releases/tag/v0.23.1

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

31 Mar 2021 21:15Current

7.4High risk

Vulners AI Score7.4

CVSS26.5

CVSS36.3 - 8.8

EPSS0.00127